Letter from the PRA on working with Deposit Aggregators

In view of the increasing use of deposit aggregators (DAs) which typically facilitate the depositing of funds across multiple banks via a single interface, the Prudential Regulation Authority (PRA) has drawn up a Dear CEO Letter addressed at financial institutions, including banks and building societies. In this letter, the PRA sets out its expectations as to the steps institutions need to take to address three key risks associated with the use of DAs, namely:
– Pay-out risk in relation to the Financial Services Compensation Scheme (FSCS)
– Liquidity risk
– Third-party risk
Each one of these risks is briefly described below along with the corresponding „recommendations“ of the PRA.
(1) Pay-out risk in relation to the FSCS: In the event of a DA failure, customers must receive their funds from the FSCS as promptly as possible. Therefore, financial institutions that deploy DAs as „trust“ firms need to ensure that the contractual terms are clear in that the customers have an „absolute entitlement“ to their funds. Thus, a regular review of (onboarding) contracts is a must. Also, institutions must ensure that the DA can provide detailed and accurate data about their (trust) clients to facilitate prompt pay-out by the FSCS, if needed. In this context, the PRA expects institutions to test and monitor the „data provision capabilities“ of DAs and to periodically request full Single Customer View (SCV) files from the DA. Moreover, institutions need to monitor and regularly review a DA’s customer onboarding procedures to ensure that the firm performs adequate Know Your Customer (KYC) and Anti-Money Laundering (AML) checks. Notifications about changes in such processes are also recommended by the PRA. Finally, the PRA suggests that financial institutions engage with deposit aggregators to promote their participation in the FSCS testing services to ensure maximum protection for deposited funds.
(2) Liquidity risks: Liquidity risks particularly for smaller institutions may arise if they engage with a limited number of DAs that provide a large portion of deposits (concentration risk). In such case, the commercial relationship between the deposit aggregator and the institution may lead to significant liquidity issues in case of customer withdrawals, e.g. due to issues arising at the DA. Therefore, institutions should consider potential correlation and concentration risks in managing their liquidity and should factor in the potential speed and scale of outflows from DA-sourced deposits. Also, institutions must ensure to include both direct and indirect deposits with a DA in their Liquidity Coverage Ratio (LCR) calculations and take such deposits into consideration when performing stress tests. Finally, institutions are expected to act prudently, maintain adequate financial resources, and have effective risk management strategies in place for managing DA-initiated deposits. A thorough understanding of the risks associated with DA use and anticipation of potential deposit flow changes is thereby a must.
(3) Third-party risk: Banks and building societies have an obligation to adequately and prudently manage their risks associated with third-party engagements. In this context, the PRA reminds of its supervisory statement, SS 2/21, on Outsourcing and Third-Party Risk Management. In this context, the PRA notes that financial institutions should evaluate how the expectations outlined in the document align with their arrangements with deposit aggregators, specifically focusing on implementing necessary controls to mitigate risks related to these third-party arrangements.